Sunday, November 10, 2013
My Ethical Hackers get no points for these...
Power Plants and Other Vital Systems Are Totally Exposed on the Internet
What do the controls for two hydroelectric plants in New York, a generator at a Los Angeles foundry, and an automated feed system at a Pennsylvania pig farm all have in common? What about a Los Angeles pharmacy’s prescription system and the surveillance cameras at a casino in the Czech Republic?
They’re all exposed on the internet, without so much as a password to block intruders from accessing them.
… The latest crop comes courtesy of San Francisco-based independent security researcher Paul McMillan, who scanned the entire IPv4 address space (minus government agencies and universities) and found unsecured remote management software running on 30,000 computers.
“What happens in Vegas, stays in Vegas.” OJ will be staying for 15-33 years.
Mikael Thalen reports:
The Las Vegas Public Works Department has begun testing a newly installed street light system around City Hall with wide-ranging capabilities including audio and video recording.
According to the Michigan-based “Illuminating Concepts,” the system’s main benefits include “energy management, security and entertainment.” The Las Vegas setup includes such features as emergency notification flashers, playable music and a sound announcement system, all controlled from an iPad.
The Public Works Department claims they have no plans to use the system’s surveillance cameras… for now, leading many to believe the plan is already well underway as city-wide implementation is discussed.
“Right now our intention is not to have any cameras or recording devices… it’s just to provide output out there, not to get any feed or video feed coming back,” said Public Works Director Jorge Servantes.
Right, because we all know mission creep is never possible. To see some areas where Intellistreets has already been deployed, see their site.
Read more on StoryLeaks.com
“in loco parentis” means you are acting for the parents, not acting like a parent gone loco. Perhaps you should talk to the parents before you start your surveillance?
Kelly Wallace reports:
Just as parents are grappling with how to keep their kids safe on social media, schools are increasingly confronting a controversial question: Should they do more to monitor students’ online interactions off-campus to protect them from dangers such as bullying, drug use, violence and suicide?
David Jones, president of the firm Safe Outlook Corporation, said two school districts and three schools pay, on average, between $4,000 and $9,000 per year for one of his technology products called CompuGuardian and that he expects the number of schools participating to go up. (Jones said he was not at liberty to reveal which schools work with his company.)
His product gives schools access to, among other things, reporting tools that allow users to search key words connected to cyberbullying and drug use, and to see whether students are researching topics about dangers such as school violence.
It’s all “for the children,” of course.
Read more on CNN.
This will be so much easier when the government has all the information. Would the state be able to grab blood from every doctor in town and run DNA to find a serial rapist? Since the law is inadequate, could this have been protected by contract?
You know that blood test your doctor ran as part of your wellness check? The state can subpoena the results.
I came across a case in Texas on FourthAmendment.com that gave me food for thought. From Owens v. State 2013 Tex. App. LEXIS 13767 (Tex. App. – Houston (1st Dist.) November 7, 2013):
In State v. Hardy, the Texas Court of Criminal Appeals held that the State’s subpoena of the results of blood tests conducted by private medical personnel solely for medical purposes did not violate the Fourth Amendment. State v. Hardy, 963 S.W.2d 516, 527 (Tex. Crim. App. 1997). The facts in this case are similar to those in Hardy. Here, the trial court found that (1) the police officer did not suggest the blood draw or exert any influence over the hospital staff; and (2) the blood draw was taken solely for medical purposes. Because private actors conducted the blood draw and blood tests, the hospital staff’s blood draw and test of it does not violate the Fourth Amendment. See Hardy, 963 S.W.2d at 526. Although the State’s later subpoena of the blood tests is a state action, the request for records does not violate Owens’ reasonable expectation of privacy. Id. at 527. We hold that the Fourth Amendment does not bar the admission of Owens’ blood test results.
Some savvy readers may think, “Well, sure, that makes sense.” But I was thinking about whether patients might avoid treatment or wellness checks if they feared that at some point, the state might subpoena their lab results. A subpoena is a lower standard than a warrant based on probable cause. Do we want states to be able to just subpoena the results of psychiatric evaluations on private citizens seeking help from private psychiatrists? Or does the Texas opinion only apply to blood tests and physical examinations but provide greater protection for mental health records? And have courts in other states reached the same conclusion that such subpoenas do not violate the Fourth Amendment?
The issue for the courts may be the reasonable expectation of privacy under the Fourth Amendment, but the issue for patients may be the confidentiality of the doctor-patient relationship. Yes, our privacy practice notices under HIPAA give some sense of required or permitted disclosures, but I’d venture to say that most patients do not give much thought that some day, the state might just subpoena their medical or mental health records.
Who is ready to move on Big Data? Auditors!
Thanks to audit firms, Math Men are taking over Madison Avenue
Deloitte has purchased Seattle digital ad agency, Banyan Branch. Price Waterhouse Coopers has picked up New York digital creative shop, BGT. And so it continues: business consultancies are aggressively moving into what has traditionally been the marketing/advertising space serviced by agencies and their holding companies. It’s a sign that clients have finally woken up. For years, there was little accountability by agencies for the vast amounts of money they persuade clients to spend on “branding” exercises. Those Super Bowl TV spots make a client CEO feel good on the golf course—but are virtually impossible to relate to an effect on sales.
… Even Sir Martin Sorrel, CEO of the world’s largest advertising holding company, WPP, recently proclaimed: “We are no longer Mad Men, we are Math Men.”
For my researching students...
Congress.gov Beta Legislative Site Readies for Prime Time as the new official website – replacing THOMAS
by Sabrina I. Pacifici on November 9, 2013
News release: “The free legislative information website, Congress.gov, is transitioning into its permanent role as the official site for federal legislative information from the U.S. Congress and related agencies. The site, which launched in beta form last fall and features platform mobility, comprehensive information retrieval and user-friendly presentation, is replacing the nearly 20-year-old THOMAS.gov. Beginning Nov. 19, typing Thomas.gov into a web browser will automatically redirect to Congress.gov. @Thomasdotgov Twitter followers will be transferred to the @Congressdotgov account. THOMAS.gov will remain accessible from the Congress.gov homepage through late 2014 before it is retired. When the Library of Congress, in collaboration with the U.S. Senate, U.S. House of Representatives and the Government Printing Office (GPO) released Congress.gov as a beta site in the fall of 2012, it included bill status and summary, member profiles and bill text from the two most recent congresses at that time – the 111th and 112th. In the year since, Congress.gov has expanded with the additions of the Congressional Record, committee reports, direct links from bills to cost estimates from the Congressional Budget Office, legislative process videos, committee profile pages and historic access reaching back to the 103rd Congress. Users have been invited to provide feedback on the site’s functionality, and many of those suggestions have been incorporated along with the data updates. Additional content will be incorporated throughout 2014 – including nominations, treaties and communications – before THOMAS.gov is formally retired. THOMAS, named for Thomas Jefferson, was launched by the Library in 1995 as a bipartisan initiative of Congress. It averages 10 million visits each year. [Facebook had 164 million unique visitors in September. So 10 million is less than 2 days on Facebook. https://siteanalytics.compete.com/facebook.com/ Bob] The system has been updated over the years, but its foundation can no longer support the capabilities that today’s Internet users have come to expect, including access on mobile devices. Using best practices for retrieving and displaying information, the refined, user-friendly Congress.gov system makes finding and using legislative information more intuitive, comprehensive and accessible than the existing system.”
Run through the rain or wait a few minutes?
– Available for iOS & Android, Nooly is a weather app that predicts the exact minute rain or snow will start, the exact time light rain turns into thunderstorm conditions, and when exactly the storm will end. Each one of Nooly’s predictions is for an area of 0.4 square miles. Nooly predicts the minute rain starts, but it is only for the US and southern parts of Canada.
“Ain't technology wonderful?”
Motorola wants to tattoo a mic on your throat
Every week, and it's free!
… Khan Academy and Getty Museum are partnering.
… The Wikipedia Education Program, which has encouraged educators to have students contribute to Wikipedia as part of their coursework, is spinning out into its own non-profit, the Wiki Education Foundation.
… “A $1-billion plan to put an iPad into the hands of every Los Angeles student and teacher could prove difficult to sustain financially after about three years, based on figures provided by the L.A. Unified School District.”
… A story in the New Republic highlights more silliness emanating from the Common Core State Standards – this time, how the standards rate literature’s complexity. The CCSS has adopted Lexiles, a rating system developed by the MetaMetrics corporation, to ascertain how challenging reading materials are. Apparently Hunger Games is more complex than the Grapes of Wrath; Mr Popper’s Penguins is more complex than To Kill a Mockingbird; and Slaughterhouse Five has a fourth-grade reading level.